pfBlockerNG sync not working

Overlord

Hey guys

I have two pfSense "23.01-RELEASE (amd64)" with pfBlockerNG version 3.2.0_3 installed.

I tried to get the pfBlockerNG data synced to the second pfSense (HA and CARP is configures and is working like a charm - no issues). But pfBlocker sync is doing noting. Tried with "Sync to host(s) defined below (Data from the second pfSense with admin account on Port 80 and 443) and with Sync to configured system backup server.

Inside the "/var/log/pfblockerng/pfblockerng.log" is nothing about XMLRPC sync.

And I already tried to turn off pfBlockerNG and restart it - nothing.

Any ideas?

Greetz
Ovrld

barnops

Same issue.
HA, CARP, Syricata all Sync.
PFBlockerNG is not syncing from host to slave.

SteveITS

@overlord I'm seeing this too, I created https://redmine.pfsense.org/issues/14220

SteveITS

Was already at https://redmine.pfsense.org/issues/14189. :( I searched for "sync."

planedrop

Super glad I came across this post, been seeing the same thing (hadn't checked on it in a while since I hadn't made any changes, so luckily things on the secondary node are hardly out of sync), seems there is yet to be a fix? Have you found anything else out?

Also, weird question, but would you mind going to Status > DHCP Leases and seeing if you are getting "communications-interrupted" as the status under "My State" on either firewall? I believe this is a separate thing/issue with my setup (100% of all other syncing is working)

planedrop

@planedrop also just adding @BBcan177 to this. I'm sure you're aware but wanted to be certain.

juliokele

I found the bug (typo) and made a quick patch.
@BBcan177 already knows this and may apply it to the next release.

Patch Contents:

--- a/pfblockerng.inc
+++ b/pfblockerng.inc
@@ -10823,7 +10823,7 @@ function pfb_remove_config_settings() {
 /* Uses XMLRPC to synchronize the changes to a remote node */
 function pfblockerng_sync_on_changes() {
 	// Create array of sync settings and exit if sync is disabled.
-	$pfb_sync = config_get_path('installedpackages/pfblockerngsyncd/config/0', []);
+	$pfb_sync = config_get_path('installedpackages/pfblockerngsync/config/0', []);
 	if (!empty($pfb_sync)) {
 		if ($pfb_sync['varsynconchanges'] == 'disabled' || empty($pfb_sync['varsynconchanges'])) {
 			return;

Base Directory:
/usr/local/pkg/pfblockerng

[Addendum]
pfBlockerNG v3.2.0_6 and up: officially fixed (delete the patch, install/reinstall pfBlockerNG, update with force reload, restart pfSense)
pfBlockerNG-devel v3.2.0_7: officially not fixed (my recommendation to switch to the nondevel package)

planedrop

@juliokele Oh awesome, thanks so much for this!!

byjanus

@juliokele Much appreciated, Was wondering what I'd done wrong and what logs to search until I found and applied this fix - fantastic

DWood 0

@juliokele said in pfBlockerNG sync not working:

/usr/local/pkg/pfblockerng

Great investigative work!

Thanks much!!!

planedrop

Following up on this, seems an official patch came out on August 13th via package manager, however this patch doesn't seem to resolve the issue. I have an HA setup, which I've verified have the patch applied and I double checked the file for the typo, all is well, but sync still isn't working between the two.

vavsaftoiu

@planedrop @juliokele
Manual patch works but only after reload on master, only saving will not sync. HA here with 23.05.1. Tested both options with "system backup" and "host defined"

Great work, many thanks

planedrop

@vavsaftoiu Interesting, I haven't used the manual patch, but from what I can see the manual patch is doing the exact thing that BBCan did for the official fix, so maybe I've got something else going wrong?

It does list HA Sync = done in the logs when doing a manual reload, but absolutely nothing is syncing over. HA is working otherwise and was fine even with pfB in the past.

I'll do some more digging to see if I can figure out what is going on.

juliokele

@planedrop
i have extended my comment: https://forum.netgate.com/post/1108304

planedrop

@juliokele Thanks for this, I'll try to reinstall pfB to see if that helps, reboot has already happened and I actually never applied the manual patch.

geisterfahrer

Hey guys,

after applying pfblockerng non-devel update 3.2.0_6 to my _5-install sync still did not work.

Unchecking the button "Keep Settings", saving and reloading and then reinstalling the package on my backup-machine followed by a force reload on the master machine did the trick and now the sync works smoothly. Reboot was not necessary on neither my master nor my backup machine.

Thanks folks!

Bruce74

@juliokele said in pfBlockerNG sync not working:

pfBlockerNG-devel

Is there any news on when this will be fixed for "pfBlockerNG-devel"?

SteveITS

@Bruce74 said in pfBlockerNG sync not working:

Is there any news on when this will be fixed for "pfBlockerNG-devel"?

Semi-related question, what is the future of pfBlockerNG-devel? When 23.01 came out pfBlockerNG and pfBlockerNG-devel were made the same code. So we just switched to non-devel as (vaguely) suggested in the release notes. My general assumption was they would not differ going forward, but apparently they are already diverging in minor ways.

IT_Luke

@SteveITS just updated to pfSense 2.7.2 and this brough me to pfBlockerNG_devel 3.2.0_7 and still had to manually re-apply the fix so definitely not fixed on latest Devel version either. Should devel version be patched by now or should we consider switching to the non devel branch?

Bruce74

@IT_Luke

I updated to pfBlockerNG-devel 3.2.0_7 a couple of weeks ago, and it fixed the sync issue for me.